CVE-2023-23624

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.0.1 on the stable branch Discourse versions prior to 3.1.0.beta2 on the beta and tests-passed branches

Description The issue affects Discourse, an open-source discussion platform, where someone can use the exclude tag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories.

Recommendations For versions prior to 3.0.1 on the stable branch, update to version 3.0.1 or later. For versions prior to 3.1.0.beta2 on the beta and tests-passed branches, update to version 3.1.0.beta2 or later. As a temporary workaround, consider securing any categories that are using hidden tags, changing any existing hidden tags to not include private data, or removing any hidden tags currently in use.